Twitter

One possible issue during an upgrade to VMware vSphere 5.1 or 5.5 (but also in a new installation) is related with the introduction of the the SSO (introduced in vSphere 5.1) component in vCenter Server that handle the authentication across the different vCenter Server components, but also against the users.

In some cases you may have the following issues during the user autentication:

You can log into vCenter Server 5.1 or 5.5 with the vSphere Client or vSphere Web Client only with local users

Logging into vCenter Server 5.1 or 5.5 using the vSphere Client with an Active Directory domain account and/or selecting the Use Windows session credentials checkbox, fails with this error:Cannot complete login due to an incorrect username or password

The KB 2035510 (Logging into vCenter Server 5.1 or 5.5 using the “Use Windows session credentials” option fails with the error: Cannot complete login due to an incorrect username or password) explain the cause and the resolution process.

Cause

Active Directory Identity Sources must be added to the Single Sign On (SSO) configuration with the domain NETBIOS (short name) as the Domain Alias. If a Domain Alias is not configured with the domain short name, authentication using session credentials may fail.

Resolution

To resolve this issue, remove the existing Active Directory Identity Source, and recreate it with a Domain Alias.

To remove the existing Active Directory Identity Source, and recreate it with a Domain Alias:

log into vcenter host server as domain admin
open elevated command prompt
run:
setspn -S STS/domain.com “domain account name to use as spn”

open web client and go to sso config like you stated.
edit your domain
choose Use SPN
SPN = STS/domain.com (use your local domain)
UPN = “domain account name to use as spn”@domain.com
Password = whatever you created